function newsletter_form($loc = '')
{
global $LANG;
$form = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['newsletter_form' . $loc]) && \site\utils::check_csrf($_POST['newsletter_form' . $loc]['csrf'], 'newsletter_form' . $loc . '_csrf')) {
$pd = \site\utils::validate_user_data($_POST['newsletter_form' . $loc]);
try {
$id = $GLOBALS['me'] ? $GLOBALS['me']->ID : 0;
$type = \user\main::subscribe($id, $pd);
if ($type == 1) {
$form .= '<div class="success">' . sprintf($LANG['newsletter_reqconfirm'], $pd['email']) . '</div>';
} else {
$form .= '<div class="success">' . $LANG['newsletter_success'] . '</div>';
}
unset($pd);
} catch (Exception $e) {
$form .= '<div class="error">' . $e->getMessage() . '</div>';
}
}
$csrf = $_SESSION['newsletter_form' . $loc . '_csrf'] = \site\utils::str_random(12);
$form .= '<form method="POST" action="#widget_newsletter">
<input type="email" name="newsletter_form' . $loc . '[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" placeholder="' . $LANG['form_email'] . '" required />
<input type="hidden" name="newsletter_form' . $loc . '[csrf]" value="' . $csrf . '" />
<button>' . $LANG['subscribe'] . '</button>
</form>';
return $form;
}
<?php
if ($_SERVER['REQUEST_METHOD'] && isset($_POST['csrf']) == $_SESSION['csrf']['ajax_subscribe']) {
$response = array();
$pd = \site\utils::validate_user_data($_POST['subscribe']);
try {
$id = $GLOBALS['me'] ? $GLOBALS['me']->ID : 0;
$type = \user\main::subscribe($id, $pd);
$response['state'] = 'success';
$response['message'] = $type == 1 ? sprintf($LANG['newsletter_reqconfirm'], $pd['email']) : $LANG['newsletter_success'];
unset($_SESSION['csrf']['ajax_subscribe']);
} catch (Exception $e) {
$response['state'] = 'error';
$response['message'] = $e->getMessage();
}
echo json_encode($response);
}
